How I was Able To Bypass Email Verification

Hello Masters and Learners, I hope you are doing well and always putting your efforts into securing the world so that no one can benefit unethically.

The main reason I am writing this article is that sometimes, when we lose hope, we just need to think outside the box xD.

While testing an h1 private site for some basic issues, I found that the site has an email verification mechanism. The main function of this mechanism is to send a 4-digit (OTP) verification code and an email link to the user-provided email. I thought, how can I bypass it? 🙂

I tried to brute-force the verification code but failed; they have a rate limit there. I thought that I had failed to get a bypass.

But wait, try one more time: I went through the Burp HTTP request history and found this interesting request, which is used for adding an email.